Topic: Why is my Mail being marked as Spam?
Hello,
I have a problem - the setup is the following:
internal MS Exchange Server -> iRedMail -> World
The internal Exchange Server is doing an SMTP Auth for dropping the mails to iRedMail (Smarthost Setup, relay@example.org in the logs below). ALLOWED_LOGIN_MISMATCH_SENDERS is configured for relay@example.org.
But sometimes my Mails are being tagged as Spam by iRedMail - I do not understand why - I am doing a SMTP Auth!?
Why is the check for "RCVD_IN_PBL" being performed - I am using SMTP Auth? I would expect that this check should not be applied?
Why is the IP address in the report other than my inbound IP (89.166.145.68 in the report, my IP: 90.187.90.14)?
Are there other reasons why my mail is being marked as Spam?
Below I added the logs (addresses, IPs, etc. are anonymised), perhaps somebody has an idea?
Thanks
Sebastian
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 MARIADB edition.
- Linux/BSD distribution name and version: CentOS 7.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL/MariaDB
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Report to postmaster@
4Content type: Spam
Internal reference code for the message is 32196-14/kxjx8oGnzEff
First upstream SMTP client IP address: [90.187.90.14]:41883
business-90-187-90-14.pool2.vodafone-ip.de
Received trace: ESMTPSA://[90.187.90.14]:41883 <
Microsoft_SMTP_Server://172.16.2.12 < mapi://fe80::75cb:578b:908c:d0b1
Return-Path: <mail@example.org>
From: "A friendly User" <mail@example.org>
Message-ID: <80d3ed1b6af44d3b9fb5241732c1ace5@example.org>
Subject: test
Not quarantined.
The message WILL BE relayed to:
<info@destination.de>
Spam scanner report:
Spam detection software, running on the system "mail.example.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Grüße A friendly User Business GmbH
http://www.example.org // mail@example.org [...]
Content analysis details: (7.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[89.166.145.68 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[89.166.145.68 listed in bl.score.senderscore.com]
0.0 HTML_MESSAGE BODY: HTML included in message
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[89.166.145.68 listed in bb.barracudacentral.org]
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
Return-Path: <mail@example.org>
Received: from SRVEXCHANGE.example.local (business-90-187-90-14.pool2.vodafone-ip.de [90.187.90.14])
by mail.example.net (Postfix) with ESMTPSA id CE4C781564D
for <info@destination.de>; Sun, 17 Dec 2017 17:58:00 +0100 (CET)
Received: from SRVEXCHANGE.example.local (172.16.2.12) by
SRVEXCHANGE.example.local (172.16.2.12) with Microsoft SMTP Server (TLS) id
15.1.225.42; Sun, 17 Dec 2017 17:57:37 +0100
Received: from SRVEXCHANGE.example.local ([fe80::75cb:578b:908c:d0b1]) by
SRVEXCHANGE.example.local ([fe80::75cb:578b:908c:d0b1%12]) with mapi id
15.01.0225.041; Sun, 17 Dec 2017 17:57:37 +0100
From: "A friendly User" <mail@example.org>
To: Destination <info@destination.de>
Subject: test
Thread-Topic: test
Thread-Index: AdN3WC3MHqONXGAfTSirbFhXXPvRcg==
Date: Sun, 17 Dec 2017 16:57:37 +0000
Message-ID: <80d3ed1b6af44d3b9fb5241732c1ace5@example.org>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [89.166.145.68]
Content-Type: multipart/alternative;
boundary="_000_80d3ed1b6af44d3b9fb5241732c1ace5exampleorg_"
MIME-Version: 1.0
Maillog:
Dec 17 17:58:03 mail postfix/submission/smtpd[32640]: connect from business-90-187-90-14.pool2.vodafone-ip.de[90.187.90.14]
Dec 17 17:58:03 mail postfix/submission/smtpd[32640]: Anonymous TLS connection established from business-90-187-90-14.pool2.vodafone-ip.de[90.187.90.14]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Dec 17 17:58:03 mail postfix/submission/smtpd[32640]: 5E73981564E: client=business-90-187-90-14.pool2.vodafone-ip.de[90.187.90.14], sasl_method=LOGIN, sasl_username=relay@example.org
Dec 17 17:58:03 mail postfix/cleanup[32649]: 5E73981564E: message-id=<f63155b4d705492482de50361a50f89c@example.org>
Dec 17 17:58:03 mail postfix/qmgr[5470]: 5E73981564E: from=<mail@example.org>, size=10793, nrcpt=1 (queue active)
Dec 17 17:58:03 mail postfix/submission/smtpd[32640]: disconnect from business-90-187-90-14.pool2.vodafone-ip.de[90.187.90.14]
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: connect from localhost[127.0.0.1]
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: A87AB815657: client=localhost[127.0.0.1]
Dec 17 17:58:06 mail postfix/cleanup[32649]: A87AB815657: message-id=<SAkxjx8oGnzEff@example.org>
Dec 17 17:58:06 mail postfix/qmgr[5470]: A87AB815657: from=<postmaster@example.org>, size=4346, nrcpt=1 (queue active)
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: disconnect from localhost[127.0.0.1]
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: connect from localhost[127.0.0.1]
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: AC646815658: client=localhost[127.0.0.1]
Dec 17 17:58:06 mail postfix/cleanup[32649]: AC646815658: message-id=<80d3ed1b6af44d3b9fb5241732c1ace5@example.org>
Dec 17 17:58:06 mail postfix/qmgr[5470]: AC646815658: from=<mail@example.org>, size=6040, nrcpt=1 (queue active)
Dec 17 17:58:06 mail postfix/10025/smtpd[32659]: disconnect from localhost[127.0.0.1]
Dec 17 17:58:06 mail amavis[32196]: (32196-14) Passed SPAM {RelayedTaggedInternal}, ORIGINATING LOCAL [90.187.90.14]:41883 [90.187.90.14] <mail@example.org> -> <info@destination.de>, Queue-ID: CE4C781564D, Message-ID: <80d3ed1b6af44d3b9fb5241732c1ace5@example.org>, mail_id: kxjx8oGnzEff, Hits: 7.761, size: 5226, queued_as: AC646815658, 5447 ms, Tests: [HTML_MESSAGE=0.001,RCVD_IN_BRBL_LASTEXT=1.644,RCVD_IN_PBL=3.558,RCVD_IN_RP_RNBL=1.284,RDNS_NONE=1.274]
Dec 17 17:58:06 mail postfix/amavis/smtp[32654]: CE4C781564D: to=<info@destination.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=6.1, delays=0.57/0.01/0/5.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AC646815658)
Dec 17 17:58:06 mail postfix/qmgr[5470]: CE4C781564D: removed
Dec 17 17:58:06 mail postfix/cleanup[32649]: C382681564D: message-id=<SAkxjx8oGnzEff@example.org>
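Added example (not part of the original post, and not iRedMail or SpamAssassin code): a small Python check that takes the headers and the RBL lines quoted above and reports which header field carries each listed address. The `ORIGINATING_IP_HEADERS` set is an assumption mirroring the documented default of SpamAssassin's `originating_ip_headers` option, and the report lines are condensed from the post.

```python
import re
from email import message_from_string

# Headers and report lines copied from the post above (anonymised by the poster).
RAW_HEADERS = """\
Received: from SRVEXCHANGE.example.local (business-90-187-90-14.pool2.vodafone-ip.de [90.187.90.14])
 by mail.example.net (Postfix) with ESMTPSA id CE4C781564D
 for <info@destination.de>; Sun, 17 Dec 2017 17:58:00 +0100 (CET)
Received: from SRVEXCHANGE.example.local (172.16.2.12) by
 SRVEXCHANGE.example.local (172.16.2.12) with Microsoft SMTP Server (TLS) id
 15.1.225.42; Sun, 17 Dec 2017 17:57:37 +0100
x-originating-ip: [89.166.145.68]
"""
SA_REPORT = """\
3.6 RCVD_IN_PBL [89.166.145.68 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL [89.166.145.68 listed in bl.score.senderscore.com]
1.6 RCVD_IN_BRBL_LASTEXT [89.166.145.68 listed in bb.barracudacentral.org]
"""
# Only addresses wrapped in [] or () count, so the Exchange build id
# "15.1.225.42" in the Received header is not mistaken for a relay IP.
IP_IN_DELIMS = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
LISTED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3}) listed in ([\w.-]+)\]")
# Assumption: mirrors the documented default of SpamAssassin's
# originating_ip_headers option; check the installed version.
ORIGINATING_IP_HEADERS = {"x-yahoo-post-ip", "x-originating-ip",
                          "x-apparently-from", "x-senderip"}

def header_ips(raw):
    """Map each delimited IPv4 address to the header fields carrying it."""
    found = {}
    for name, value in message_from_string(raw).items():
        for ip in IP_IN_DELIMS.findall(value):
            found.setdefault(ip, []).append(name.lower())
    return found

def explain_listings(raw, report):
    """For every RBL-listed IP in the report, show which header supplied it."""
    carriers = header_ips(raw)
    zones = {}
    for ip, zone in LISTED.findall(report):
        zones.setdefault(ip, []).append(zone)
    return [{"ip": ip, "zones": z, "headers": carriers.get(ip, []),
             "in_received": "received" in carriers.get(ip, []),
             "client_supplied": any(h in ORIGINATING_IP_HEADERS
                                    for h in carriers.get(ip, []))}
            for ip, z in zones.items()]

if __name__ == "__main__":
    for row in explain_listings(RAW_HEADERS, SA_REPORT):
        print(row)
```

On the post's data the listed address 89.166.145.68 appears only in the `x-originating-ip` header written by Exchange, not in any `Received` hop, while the authenticated connection came from 90.187.90.14.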